Exfil scripts

Hi All,

I’m relatively new to Bro and would like input on whether there are exfiltration detection scripts out there other than these two:

https://github.com/sooshie/bro-scripts/blob/master/2.4-scripts/dns-bad_behavior.bro

https://github.com/reservoirlabs/bro-scripts/tree/master/exfil-detection-framework

Any others?

Additionally, when I try to run the first script, I get a split string error on this line:

local parts = split_string(key$str, /, /);

This is odd because my understanding is that the split_string function should be built-in and part of base/bif/strings.bif.bro, and it is a defined function as per here (https://www.bro.org/sphinx/scripts/base/bif/strings.bif.bro.html).

Any input on either of these questions would be appreciated. Thanks!

rhette